Vehicles and transportation systems must undergo major security overhaul before connected cars can enter our daily lives. In the strive for further innovation, there lies a major risk of governments and auto manufacturers neglecting serious security risks
Interest in the concept of connected cars is spreading fast, as recent estimates show by 2020 we will witness 150 million connected cars roaming our streets. Considering the potential impact this development will most definitely have at consumer and corporate levels, many people across the globe are paying close attention to this new state-of-the-art technology.
Governments are also demonstrating their commitment to enhancing the development of the autonomous car industry, understanding the positive impact on their economy’s future. However, their lies the risk of our governments, and the profit-seeking auto industry to push the limits and in the process neglect the essential security 1-2-3s in their drive for further innovation. This poses a major risk first and foremost for our safety on the road, and even the successful outcomes of this new technology.
Connected cars have become the third fastest-growing technological device following the thirst shown for tablets and smartphones, according to Intel Security. The tech giant has gone as far as launching the Automotive Security Review Board (ASRB) in coordination with Aeris and Uber, the founding members.
Cybercriminals, never tiring in their efforts, are known to be constantly attempting to discover newer methods to take advantage of any and all potential vulnerabilities, with financial gain as their main objective. One alarm case was witnessed with Chinese cyber-attackers located 12 miles away hacking and taking over the brakes of a Tesla vehicle. The forecast of threats in this regards is dark and filled with thunderstorms, if you will, especially considering the growing connectivity phenomenon across the globe.
Intel Security has carried out live demos to prove the possibility of attackers using ransomware to target their victims through various vulnerabilities already found in the auto-entertainment systems used in more modern vehicles these days. In many cases drivers have been forced to provide ransom money to gain back control over their own cars.
Through the collaboration of major cybersecurity and auto companies across the globe, Intel’s ASRB board aims to remain ahead of hackers of all kinds and maintain security in the face of various vulnerabilities before they are taken advantage of.
While exciting new features have been made available as a result of Internet activity innovation in our daily cars, such as autonomous driving, real-time telematics and even smart intersections, we cannot avoid the notion that all this opens possible new loopholes for cyber-attackers to hack and take advantage of.
Security solutions must be built in from the factory, with the possibility of periodical upgrading, to guarantee the next generation of the auto industry will be able to operate at their full potential while remaining secure from cyberattacks. This is especially important with the operating environment around us becoming further malicious.
Designing fundamental security
A very proactive and intentional security design is imperative and considered a major necessity in order to consolidate and interconnect vehicle systems. Therefore, the idea of vehicle security must be placed at the utmost priority when trekking in the utterly important design phase.
The aerospace and defense industries have implemented very effective foundational principles that can be utilized by the auto industry. Designing protected and secure systems, from hardware to the cloud, in parallel to identifying the most efficient technology and best practices for every single building block in the process. This is a procedure very similar to the methodology of layers of protection analysis that is currently being sued to enhance security and reduce risk.
There are different branches that should be taken into consideration, including anomaly detection, behavioral monitoring, data privacy, isolation of safety critical systems, message authentication, network encryption, secure boot, shared threat intelligence and trusted execution environments.
Designing is not the only branch where auto security should launch its efforts. In fact, the production and operation stages are also very critical. Through the implementation of the best practices possible in the production phase, the properties outlined in the secure design can provide the basis for the correct linkage of design components. Customers can find confidence in the platform security.
Code reviewing, continuously validating security assumptions, conducting penetration tests on components and entire systems, material process for inbound and outbound actions, and a feedback loop to enhance learning on a continuous basis, in addition to further improvements.
Transporting with security
Cars hitting the road doesn’t mean threat analysis and risk assessment is no longer needed. The exact opposite. While new vulnerabilities can pop-up, old ones can also be patched – rendering an increasing risk of attacks through the passing of time.
The general public and the auto industry will be confident if, and only if, detailed response plans for incidents are in place when a newly discovered vulnerability or security breach is born.
Taking advantage of different techniques that are available, including firmware patches, over-the-air software and upgrades make the manufacturers ready and equipped to resolve vulnerabilities. In the end this will render a major reduction in the cost of recalls.
Furthermore, the discovery and comprehension of possible criminal business models are aided by threat intelligence. This provides the ability to prioritize threats and associated risks, while blueprinting and putting into action a proper incident response. Building secure chains of trust into the vehicles are required to make the success of such operational measures possible. And the design should be for a lifetime.
A combination of safety measures and computer security are two very vital concepts needed today to ensure the utmost automotive security possible. Connected cars cannot become part of our daily lives before safety and security measures regarding vehicles, and transportation systems in general, are significantly improved.
Moreover, employing mitigation and preventive techniques are necessary to identify and quickly resolve harmful vulnerabilities before further damage is caused. This is, of course, in addition to keeping ahead of the hacker pack by ensuring the difficult nature of executing cyber-attacks.
The ultimate goal, however, should be to enable connected cars to identify and self-heal their vulnerabilities by detecting ill-meant measures, enduring attacks and conducting self-repair actions when deemed necessary.
This objective can only be reached through increasing collaboration and coordination growing amongst major auto industries, standards entities and security experts. Otherwise, dark storms will be looming over our roadways.